Your message dated Mon, 9 Jan 2006 19:08:24 +0100 with message-id <[EMAIL PROTECTED]> and subject line been fixed in 0.1.19-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 6 Oct 2005 13:11:04 +0000
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: storebackup: Several security problems (already fixed in sid/testing)
Date: Thu, 06 Oct 2005 14:37:30 +0200
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>

Package: storebackup
Version: 1.18.4-2
Severity: grave
Tags: security
Justification: user security hole

Although it's not really mentioned in the changelog storebackup 1.19 fixed several security problems, which are still present in Sarge, they've been assigned CAN-2005-3150, CAN-2005-3149 and CAN-2005-3148:

Quoting upstream's changelog:

- uid and gid were not set correctly for symbolic links in the backups (in the files, not the description of the files)
- check for symbolic links before opening temporary files
- set permissions of backup root directory to 0755 (independent of umask)
- uid and gid were not set correctly for symbolic links when restoring, instead they were changed in the file where the symlink pointed to

Cheers,
Moritz

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 332434-done) by bugs.debian.org; 9 Jan 2006 18:08:26 +0000
From: [EMAIL PROTECTED] (Arthur Korn)
To: [EMAIL PROTECTED]
Subject: been fixed in 0.1.19-1
Date: Mon, 9 Jan 2006 19:08:24 +0100

Version: 0.1.19-1

--
Secure email, spread GPG, clearsign all mail. http://www.gnupg.org
.
Education is what remains after one has forgotten everything he learned in school. -- A. Einstein
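
The three kinds of fix listed in the quoted changelog, as an added Python illustration that is not part of the thread and is not storebackup's own code. The function names and scratch paths are assumptions; for the temporary file it uses an atomic `O_CREAT | O_EXCL` create in place of a separate "check for symlink, then open" step.

```python
import os
import stat
import tempfile

def make_backup_root(path):
    """Create the backup root with mode 0755 regardless of the caller's umask."""
    os.mkdir(path)
    os.chmod(path, 0o755)  # mkdir's mode is masked by the umask, chmod's is not
    return stat.S_IMODE(os.stat(path).st_mode)

def open_temp_exclusive(path):
    """Create a temp file atomically; O_EXCL fails on any existing name, symlinks included."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)

def raises(exc, func, *args):
    """Return True if func(*args) raises exc."""
    try:
        func(*args)
    except exc:
        return True
    return False

def demo():
    """Exercise the three fixes in a scratch directory (all paths are constructed)."""
    uid, gid, out = os.getuid(), os.getgid(), {}
    old_umask = os.umask(0o077)  # restrictive umask that mkdir alone would inherit
    try:
        with tempfile.TemporaryDirectory() as d:
            out["root_mode"] = make_backup_root(os.path.join(d, "backup"))
            # A symlink planted at the temp-file name must not be opened through.
            victim, planted = os.path.join(d, "victim"), os.path.join(d, "tmpfile")
            with open(victim, "w") as fh:
                fh.write("original")
            os.symlink(victim, planted)
            out["temp_refused"] = raises(FileExistsError, open_temp_exclusive, planted)
            with open(victim) as fh:
                out["victim_intact"] = fh.read() == "original"
            # chown() follows a link to its target; lchown() acts on the link itself.
            dangling = os.path.join(d, "dangling")
            os.symlink(os.path.join(d, "missing"), dangling)
            out["chown_follows"] = raises(FileNotFoundError, os.chown, dangling, uid, gid)
            os.lchown(dangling, uid, gid)
            out["link_uid_ok"] = os.lstat(dangling).st_uid == uid
    finally:
        os.umask(old_umask)
    return out

if __name__ == "__main__":
    print(demo())
```

The dangling link makes the difference visible without root: `chown()` fails because it resolves to the missing target, while `lchown()` succeeds on the link itself.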